Blog

You may not want to rely on the Food & Drug Administration’s (FDA’s) app approval system: Roughly 90 percent of Android health-care apps have been hacked, and 22 percent of them were FDA-approved. That information comes from the latest State of Mobile App Security report from Arxan Technologies, which attributed the high rate to a lack of information, security training and resources in the health-care field.

Of health-care apps, none that were Apple iOS-based have been hacked. But, looking at all apps, the risk is close between Android and iOS. Looking at the top 100 paid apps, 97 percent of those that are Android-based have been hacked, and 87 percent of those that are iOS-based have been hacked.

Medical Group Management Association (MGMA) 2014 annual conference attendees were fortunate to get some tips for improving patient satisfaction from Joan Hablutzel, senior industry analyst with the MGMA—because doing so is essential to the success of a medical practice in an increasingly competitive health-care marketplace. Here are 10 of them.

Say hello and smile when patients arrive to acknowledge their presence.

Answer the phone in three rings with a consistent greeting to show the practice views the patent as an individual.

Show empathy in your communication with the patent by observing his or her mannerism sand responding in kind.

Explain what is going to happen, whether it’s a process or a procedure.

Don’t interrupt when a patient is talking.

Look for signs that a patient is dissatisfied or concerned—and when you hear concerns, don’t ever leave it at “I don’t know.” Find someone who does.

Always respect patient confidentiality.

Live up to your promises. Set time estimates and update patients if they change, apologizing when necessary.

Say goodbye and wish the patient well upon departure to affirm respect.

These steps may be simple, says Hablutzel, but implementing them can truly transform the way staff members interact with patients, boosting their perception of your practice and driving growth. Contact us today to see how our systems can help.

For the first time ever, achieving meaningful use depends on patient behavior: Meaningful use Stage 2 requires at least 5 percent of a health-care provider's patients to be engaged in their own care— either through an electronic medical record (EMR) or an online portal.

The push for patient engagement is understandable, if data provided by the Robert Wood Johnson Foundation is accurate. According to the foundation, patients who are not engaged in their own health care can cost 21 percent more than patients who are highly engaged.

But, many health-care providers are worried about the patient engagement requirement, and for good reason: To some extent patient engagement is out of the physician’s control. But it doesn’t have to be, with good communication, both in the office and via electronic followup.

The first step is letting your patients know you have an online portal, which they may not be aware of. According to a survey from Technology Advice, a consulting firm, 40 percent of people who saw a primary-care physician within the last year didn’t even know if the physician offered a portal.

Keep in mind, however, that you may want to do more than create and communicate about a patient portal. By creating a vehicle that connects all stakeholders across the health-care continuum—patients and physicians alike—you truly elevate the patient experience.

If you are looking for help meeting these requirements, contact us today to learn how our systems and experts can support your practice.

As of June 30, 2014, more than 1,000 data breaches affecting more than 500 patients each have been reported to the Department of Health & Human Services - for a total of roughly 32,000,000 people who have had their privacy compromised. And, according to the annual Redspin Breach Report, published in February of 2014, 7.1 million patient records were breached in 2013, a 137.7% increase over 2012.

And, the threat is getting broader. Once caused primarily by snooping or negligent employees, data breaches are now increasingly caused by cybercriminals who realize the potential financial value of medical records. Case in point: The Chinese hacker attack on the 206-hospital Community Health Systems which resulted in the breach of 4.5 million patient records, the second-largest HIPAA breach ever reported.

No physician practice should consider itself immune. While large hospital systems may be most attractive to hackers, Eric Perakslis, executive director of Harvard Medical School's Center for Biomedical Informatics, recently wrote in a New England Journal of Medicine article that 72 percent of cyberattacks have been aimed at hospitals, group practices and other provider organizations.

Perakslis recommends an "active learning approach” that involves real-time surveillance of emerging threats - and that includes an intimate knowledge of one's own network and vigilance at one's own practice. One of the most effective ways you can do this is to work with a company like ours who can help not only ensure security of your systems but also help teach you and your staff about common security issues.

As we move toward the October 2015 compliance deadline for ICD-10, the Journal of AHIMA has tackled three misconceptions about the new coding system.

ICD-9 isn't so bad. In reality, ICD-9 is obsolete, and the longer it is in use, the more the quality of health-care data will decline, leading to faulty decisions based on inaccurate or imprecise data. This could lead to increased operating costs along with mistakes which could have a negative effect on your practice and overall billings.

More codes create confusion and difficulty. Almost half of the new codes reflect the ability to differentiate one side of a patient's body from the other. Moreover, more codes, which are more precise, will in fact make it easier to find the right code. It's true that it will take time to learn the new codes, but in the long-run you should see overall efficiency increase, along with more accurate medical records which will make your job easier.

We could just use SNOMED CT or move right to ICD-11. Terminologies such as SNOMED and classification systems such as ICD-10 different roles—albeit complementary ones. And, ICD-11 won’t be ready for prime time until 2017, and that dates marks the beginning, not the end, of the process toward adoption. Remember, ICD-10 was first used by World Health Organization members 1994—and 10 year’s later it’s just going live on a widespread basis.

If you would like to learn more about ICD-10 and how you can ensure that your practice is ready for the October 2015 deadline, contact us today to learn how we can help.

The compliance date for ICD-10 is farther away than it once was, but it’s still coming — and health-care practitioners should be moving forward with preparedness plans, if the results of a recent survey are any indication.

The survey — which questioned physician practices, hospitals, payers, vendors, and others — was conducted by eHealth Initiative and the American Health Information Management Association (AHIMA).

It found that most health-care organizations are using the extra time afforded by the delay of ICD-10 compliance to October 15 to invest, train, and test. Most organizations said they're ready for testing, but some are more prepared than others. Around 40 percent of respondents said they'd start end-to-
end testing by the end of 2014, and 25 percent reported that they’d begin by the end of 2015. And, to minimize productivity loss, 68 percent of respondents said they will conduct additional training, with 31 percent hiring more coders to help with the transition.

Concerns about ICD-10 remain, however. One pertains to preparedness, with 45 percent of respondents reporting that they don't have a good sense of their partners' readiness. Another pertains to financial impact, with 38 percent of respondents saying they thought their revenue will decrease, and 14 percent saying they think it will stay the same. Only 6 percent think it will increase.

Clearly, while the ICD-10 transition seeks to improve accuracy of claims and quality of care, not everyone has a clear plan to derive value from it. But now, it seems, is the best time to prepare. We recommend that you contact us today to learn more about how we can help ensure that you are ready for ICD-10.

Not all clouds are created equal, at least when it comes to encryption. Most cloud providers say they encrypt data, which engenders a sense of security—but there is a weakness in the process. Data —say, a medical record— is indeed encrypted when you send it to the cloud. But, when it arrives at the server to be stored, it’s decrypted.

The question then becomes not if your data is encrypted, but how well it is encrypted. Consider a picture sent from one place to another using an industry-standard 256-bit AES algorithm. Anyone with some expertise and a good computer can probably see enough of that picture to make out what it is. So, ideally, you want a cloud provider to offer multi-level encryption, better than a 256-bit AES algorithm.

Additionally, there should be administrative features in place that allow you or other IT staff to see when files have been viewed and edited, how, and by whom.

If you add client-side encryption to these features, you have a winning combination: the ability to store a safely encrypted document directly with a patient, leading to better engagement and thus, a potentially more profitable business.

Contact us today to learn more about our secure options and how they can help ensure your data is secure.

Multiple cyber attacks, possibly by hacker group Anonymous, plagued the Boston Children's Hospital in April - highlighting the need for data security in all health-care environments.

The attacks may have been a response to the case of 15-year-old patient Justina Pelletier, who the hospital reported to the state as being the victim of medical neglect, ultimately resulting in the state assuming custody. Although Anonymous has not claimed responsibility, it recently launched a campaign communicating its concern that the hospital’s actions constitute "crimes against children” and threatening retaliation if the hospital did not release Pelletier.

According to a hospital statement, the attacks sought to bring down the hospital’s web site by overwhelming its capacity, but there was no reason to suggest that patient information was compromised, and patient care was not been interrupted.

The situation serves as a reminder, though, for all health-care practitioners - physician’s offices as well as hospitals. One disgruntled individual could potentially compromise the security of your system and patient data. Indeed, the 2014 Verizon Data Breach Investigations Report specifically highlights the health-care industry as a concern when it comes to carelessness regarding privacy and security.

Are you protected? If you’re not sure, it may be a good time to have your IT service provider to a security analysis. Contact us today to see how we can help.

Chief Information Officer (CIO) Denis Tanguay’s workload has quadrupled over the past few years, and he has been struggling to stay on top ensuring that systems are secure and available when his employees need it. How did he overcome these struggles? He found a solution in outsourcing.

As the CIO for Central Maine Healthcare explained in a Health Care IT News article, getting ready for Stage 2 meaningful use attestation and transitioning to ICD-10 put tremendous pressure on him and his 70-person IT staff.

A few years ago, Tanguay began working with an IT provider, which took work off his staff’s plate. Central Maine Healthcare uses IT providers in a number of ways, from service requests for new PCs, keyboards, and software installations to help with user calls. They’re essentially an “insurance policy," says Tanguay. "They have already blazed those trails and made sure that whatever we're going to be using has already been tested, what versions of firmware and software work well."

Tanguay says the result of outsourcing some IT functionality has resulted in easier software upgrades, quicker response time, greater system stability, improved data security, and better disaster recovery procedures.

Moreover, outsourcing has allowed Tanguay to focus more on the things that are important. “My CEO has a line,” he says. “’We're not in the IT business; we're in the healthcare business.’”

When it comes to IT outsourcing, health-care providers have the option of doing a little or a lot,” says another recent article. They can turn over an entire IT function, or farm out small portions. If you are struggling with managing IT systems in your practice, or would like a little help ensuring compliance with the always changing regulations, contact us today to see how our managed services can help.

More than half of health-care organizations have not implemented business-intelligence systems, according to a survey, and that could hurt their bottom lines.

Business intelligence is the transformation of raw data into useful information for business purposes. It shows you what’s going on in your practice and how your practice could improve.

According to the survey of 250 health-care professionals by TEKsystems, 58 percent of physician practices and hospitals have not implemented a business-intelligence system. That includes 21 percent that plan to implement a business-intelligence system in the next 24 months, and 26 percent that have no plans whatsoever.

This is a problem, because data will be at the heart of how health-care organizations get paid as the industry changes from a fee-for-service model to a pay-for-performance model. The survey supports this idea, as 76 percent of respondents expect a business-intelligence system to be widely used in finance.

One reason health-care providers haven’t implemented business-intelligence systems, the study found, is that there is a lack of resources and skills available to help them do so. Thirty-four percent of respondents said that data complexity is the biggest obstacle. That’s where an IT expert can help. If you want to implement a business-intelligence system, and don’t have the IT resources on staff, consider reaching out to an IT expert like us today.